Risk management, strategy and analysis from DeloitteCONTENT FROM OUR SPONSORPlease note: The Wall Street Journal News Department was not involved in the creation of the content below.

Text Size

Regular

Medium

Large

Google+

Print

Global Financial Crime Sparks New Focus on Compliance

As financial crime—including money laundering, terrorist financing, corruption and economic sanctions—has become more globalized, so have enforcement efforts. For global financial services companies caught on either side of these proliferating forces, fresh risks loom.

“Increasingly, management has accountability for compliance and that has cultural implications, as new compliance needs drive changes in incentive structures, performance measurement, education and training,” said David Williams, CEO of Deloitte Financial Advisory Services LLP, speaking during a Deloitte webcast, Regulatory Compliance in the Face of Financial Crime, Money Laundering and Cyberthreats. “Organizations should be extensively engaged in considering ways to maintain an effective compliance program,” Mr. Williams added.

Financial services industry regulators have stressed a need for a culture of compliance along four main pillars:

The globalization of U.S. regulations essentially dates to October 2008, when the financial crisis was in full force. That month, the U.S. Federal Reserve released a document, Compliance Risk Management Programs in Oversight of Large Banking Organizations with Complex Compliance Profiles. This sets out the agency’s expectation that banking organizations establish on the holding company level a compliance policy that applies across different business lines, separate legal entities and various affiliates. In effect, this means that because different jurisdictions have different legal requirements, organizations are moving to harmonize group-wide policies or to establish some form of minimum expectation. This approach marks a departure from the approaches to compliance that organizations took previously, which unfolded broadly across different jurisdictions.

Strengthening Compliance

Regulatory liabilities can be significant, so global organizations—particularly those with some connection with the U.S. either in terms of operations or access to the U.S. capital markets—are looking for ways to protect themselves as enforcement becomes more aggressive. For instance, many global organizations are considering guidance issued in November 2012 by the U.S. Department of Justice in cooperation with the Securities and Exchange Commission. This guidance addressed the question of how financial institutions might protect themselves from the highest level of civil and criminal liability against an individual within their organization who might be involved in bribery.

“An example might be a contractor who knows his bonus depends on the fulfillment of certain contracts and so may be tempted to offer a bribe to a foreign official who is responsible for signing off on a license, customs duty or shipment,” noted James Freis, Jr., counsel at Cleary Gottlieb Steen & Hamilton LLP, who presented on the webcast. “How does an institution protect itself against that? The way to do it is to establish compliance policies that establish responsible officers who have training and access to all individuals who might be placed in such a situation. So you have monitoring, and you have whistleblower-type protection,” Mr. Freis added.

Regulators have stepped up recent efforts to make management more accountable for compliance—as well as compliance failures. For example:

Regulators have recently called for senior management to demonstrate a commitment to anti-money laundering and financial crime compliance.

Organizations are restructuring compliance to create more direct line accountability to management.

“There are heightened regulatory expectations about how organizations are handling compliance. Performance measurement must and can increase the likelihood of effectuating these shifts, and so can the organizational structure,” said Alison Clew, a principal at Deloitte Financial Advisory Services LLP, speaking during the webcast. Specific considerations include the following:

Compliance as a Component of Performance

Making clear the compliance responsibilities of senior management and executives in the different lines of business.

Incorporating compliance into the performance evaluation process for senior management and line of business executives.

What capabilities/resources need to be aligned with the business lines or geographies?

What is the role/opportunity for centers of excellence?

How is the compliance function empowered?

To whom should compliance report?

How do you resolve the business vs. compliance culture?

“Longstanding challenges are involved here, and the solution to compliance will likely be specific to every enterprise, drawing on the resources of compliance, risk management, legal and other departments,” Ms. Clew said.

In fine-tuning compliance to meet evolving regulations and emerging threats, it is vital to consider cybersecurity, according to Bill Ward, executive vice president and head of financial crime risk management at Union Bank, speaking during the webcast. Breaches of cybersecurity come in many forms, including those related to commercial payments, and customer, proprietary or strategic data. “Criminal elements are constantly probing the perimeters of financial institutions and the like, looking for holes. So a combined approach to cyberthreats is appropriate,” Mr. Ward noted.

Related Deloitte Insights

U.S. authorities seem to have made enforcement of the Foreign Corrupt Practices Act (FCPA) a priority in recent years, and other governments around the world appear to be following suit. With that momentum and renewed commitment to enforcing the FCPA by the current U.S. Department of Justice, it’s prudent to assume that stepped-up anti-corruption enforcement is likely to continue. Compliance teams at organizations can benefit from remaining highly vigilant and considering five broad insights as they review and refresh their anti-corruption compliance programs.

Financial crime presents not only the risk of losses but spiraling costs to address them. Among the factors driving up the costs and risks associated with financial crime are compliance with increasing regulation, ongoing crime detection efforts, internal investigations, and litigation, as well as external enforcement actions and associated fines and penalties. Learn about trends in managing the risks of financial crime, including the use of technology and data analytics.

With the attention regulators have been giving to AML regulatory lapses, coupled with record fines and penalties, CROs and CCOs should stay on top of AML developments, particularly adverse AML examinations and regulatory or criminal investigations. Understand questions that can help frame an AML compliance risk profile and steps to help improve compliance risk mitigation.

Views & Analysis

Although board seats don’t become available all that often, as more organizations broaden their definition of diversity the pool of potential candidates is expanding. What does it take to land such a spot? Industry and international experience, a knowledge of risk and technology issues, and personal traits that range from intellectual curiosity to unassailable integrity are just some of the qualities and qualifications that matter. Learn how to assess your viability and what steps you might take to enhance your appeal to search committees.

Continued uncertainty about the economy and increased regulation across several industries have required a more informed and efficient use of capital. Working with management, the board of directors can play a fundamental role in the capital allocation process through its oversight function, including participating in strategy development, examining risks, comparing strategy to results and focusing on key investment terms. Understand how boards can help guide the capital allocation process by challenging business plans and strategy, and reviewing capital allocation alternatives, among other efforts.

As proxy season approaches, several governance issues and proposals are likely to emerge, reflecting shareholders’ increased attention to how companies’ stances on governance matters can impact shareholder value, according to Carol Schumacher, who has held roles as investor relations (IR) officer and corporate affairs officer at a Fortune 10. She discusses shareholders’ expectations for the governance information that management provides, and what IR can do to help companies respond, in a conversation with Sanford Cockrell III, U.S. national managing partner, CFO Program, Deloitte LLP.

Editor's Choice

Boards and C-suite executives overwhelmingly see risk as having an important role in value creation, but just 17% of respondents say they are actively using risk to drive returns, according to a new global survey from Deloitte. The survey also found that senior stakeholders want chief risk officers to spend significantly more time playing the strategist role, with a majority of respondents saying their risk officers should participate more in setting the strategic direction of the company and aligning risk management strategies accordingly.

Traditionally, internal audit (IA) has focused on providing assurance with respect to known risks and the effectiveness of controls in mitigating those risks. Regulators, however, are increasingly interested in an organization’s ability to identify blind spots and other vulnerabilities that may undermine the integrity of the risk management environment, including the risk of misconduct. IA functions can play a pivotal role by substantively testing culture and identifying potential risk-related outliers that may not be visible via other means, such as supervisory frameworks, escalations, compliance assessment and testing, and previous audits.

Identifying and managing strategic risks can be a difficult task. To add to the challenge, many companies have traditionally separated their risk and strategy functions and think of risk as more of a compliance responsibility rather than a dynamic tool for value creation, business performance management and growth. However, companies that align strategy and risk can be better served to allow for a process of “strategic resiliency,” which involves anticipating, knowing and acting on risks when introducing or executing new strategies as a way of increasing the chances of success in spite of uncertainty.

About Deloitte Insights

Deloitte’s Insights for C-suite executives and board members provide information and resources to help address the challenges of managing risk for both value creation and protection, as well as increasing compliance requirements.